High Performance Appliances
The LogRhythm SIEM Platform is designed to significantly reduce the mean time to detect (MTTD) and respond (MTTR) to threats, enabling organizations to neutralize them before they cause a damaging cyber-incident or data breach. Our Gen 5 appliance line offers greater data center density to increase processing rates by 60 percent. This improvement frees your team to spend more time on areas of higher value and risk and less time maintaining the platform.
- NextGen SIEM and log management
- Endpoint forensics and file integrity monitoring
- Network traffic analytics with Application ID and full packet capture
- State-of-the-art machine analytics
- Advanced correlation and pattern recognition
- User and entity behavior analytics (UEBA)
- Structured and unstructured search
- Large data set analysis via visual analytics, pivot, and drill down
- Security orchestration, automation, and response (SOAR)
- Workflow automation via LogRhythm’s SmartResponse™
- Integrated case management
LogRhythm high-performance appliances are built to deliver maximum flexibility, with options ranging from convenient all-in-one platforms to high-performance, dedicated appliances for massive scalability in extremely large environments. LogRhythm’s distributed, incrementally scalable architecture ensures that deployments can scale horizontally and vertically by simply adding appliances.
- Building block architecture and geographic flexibility
- Expandable storage options with any sized model
- Centralized management
- Flexible high-availability options with automatic failover
- Dedicated high-performance collectors
Platform Manager (PM): LogRhythm PM appliances provide alarming, notifications, case and security incident management, workflow automation, and centralized administration for a LogRhythm deployment. Each LogRhythm deployment has a single Platform Manager.
Data Processor (DP): LogRhythm DP appliances provide distributed and highly available processing of machine and forensic data. They receive machine and forensic data from collectors and forensic sensors, leveraging LogRhythm’s Machine Data Intelligence Fabric taxonomy to transform data into a structured and contextualized form. Processors archive data and distribute both the original copy and the structured copy to other LogRhythm components in support of indexing, machine-based analytics, and alarming.
Data Indexer (DX): LogRhythm DX appliances deliver distributed and highly scalable indexing of machine and forensic data. Indexers can be clustered to enable high availability and improved performance. Indexers store original raw data as well as structured data to enable structured and unstructured search-based analytics.
All-in-One (XM): LogRhythm XM appliances provide the functionality of the PM, DP, and DX appliances on a combined platform, as well as a fully portable AI Engine license. Many deployments begin with an XM configuration and are later combined with additional components to enable fault tolerance and increase capacity and performance of a LogRhythm deployment.
AI Engine (AIE): LogRhythm AI Engine appliances deliver highly scalable, patented machine analytics for advanced correlation and behavioral analysis, including automated behavioral, histogram, statistical and whitelist profiling. Multiple AI Engine nodes can be deployed in support of distributed analysis and workload scaling.
Network Monitor (NetMon): NetMon appliances offer full visibility into network traffic, identifying applications via deep packet inspection, providing real-time unstructured search access to all metadata and packet captures. NetMon can also forward Layer 7 SmartFlow™ to the SIEM or other solutions for additional analysis.
Data Collector (DC): LogRhythm’s optional DC appliances collect log, flow, and machine data for secure transport from remote locations to LogRhythm DCs and can encrypt and compress data prior to transport.
High availability and disaster recovery
LogRhythm appliances are built with onboard redundancy for maximum fault tolerance. LogRhythm’s flexible High Availability and Disaster Recovery solutions can be tailored to meet the specific requirements of any organization. LogRhythm’s optional, integrated agents are configurable to failover to secondary and tertiary data processors, allowing for uninterrupted collection of data in the event a data processor is unavailable.
LogRhythm appliance specifications
LogRhythm’s quick and easy installation, combined with flexible expansion capabilities provide a rapid time to value. Most commonly delivered via high-performance appliances with a building block approach to architecture maximizes deployment flexibility and scalability. Whether you are expanding to meet growing enterprise-wide needs, or you have short-term compliance requirement and intend to expand the scope of your deployment later, LogRhythm can quickly and simply scale by adding additional appliances.
Learn how LogRhythm can help your team
Contact us to learn what pricing and licensing options are right for you.